SHA-512 w/ per User Salts is Not Enough
May 11, 2011, 14:04
"Back in January, I was having a casual conversation about
passwords at a local gathering about security and was asked what we
use for storing the passwords. I stated that we are using sha-512
w/ per user salts but we are looking at moving away from this
standard to something much stronger.
The response that I received from this person was pretty much in
line with other comments I have received and seen on some of our
forums. The two most common responses are: 'Oh good, you are using
per user salts' and 'yeah, using sha-512 is much better than md5.'
Granted, these comments are true: using sha-512 is better than
using md5 and better than not using per user salts, but there is
still a weakness that I feel is overlooked."